Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in September 2017
Law Comes to Self-Driving Wild West
Simon Marshall  |  9/22/2017  | 
Legislation has begun focusing on the security needs of self-driving cars. Part one of a two-part article.
Americans Rank Criminal Hacking as Their Number One Threat
News  |  9/22/2017  | 
Global warming and artificial intelligence rate as less of a threat to human health, safety, and prosperity than getting hacked, according to a survey released today.
Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid
Commentary  |  9/22/2017  | 
Why healthcare organizations need a good strategy to find talent, or get left behind.
10 Security Product Flaw Scares
Slideshows  |  9/22/2017  | 
CCleaner compromise puts the crown on several years' worth of headlines about cybersecurity product weaknesses.
Where Do Security Vulnerabilities Come From?
Partner Perspectives  |  9/22/2017  | 
There are three major causes: code quality, complexity, and trusted data inputs.
A New, Invisible Threat Jumps the Air Gap
Curt Franklin  |  9/21/2017  | 
The infrared capabilities of security cameras provide a new way for attackers to reach systems that have no connection to the Internet.
SEC Says Intruders May Have Accessed Insider Data for Illegal Trading
News  |  9/21/2017  | 
2016 breach of the Securities and Exchange Commission's EDGAR database dents its reputation as a federal cybersecurity enforcer.
CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft
News  |  9/21/2017  | 
The backdoor discovered in Avast's CCleaner targeted top tech companies including Google, Microsoft, Samsung, Sony, VMware, and Cisco.
Why Size Doesn't Matter in DDoS Attacks
Commentary  |  9/21/2017  | 
Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
SMBs Paid $301 Million to Ransomware Attackers
Quick Hits  |  9/21/2017  | 
But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.
OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal
Quick Hits  |  9/21/2017  | 
A judge ruled federal employees cannot sue for damages from the 2015 Office of Personnel Management data breach.
CISOs Under Fire: New Poll Shows Progress & Peril
Curt Franklin  |  9/20/2017  | 
A new report by F5 and Ponemon looks at the state of the CISO in modern enterprises.
Iranian Cyberspy Group Targets Aerospace, Energy Firms
News  |  9/20/2017  | 
APT33 focused on gathering information to bolster Iran's aviation industry and military decision-making capability, FireEye says.
Cisco SMI Still Exposing Network Switches Online
News  |  9/20/2017  | 
The high number of exposed and vulnerable devices online has remained largely unchanged since researchers began exploring SMI in 2010.
Survey Finds Companies Don't Know Cloud Security
Curt Franklin  |  9/20/2017  | 
Companies are worried about security in the public cloud, but a new survey shows they don't understand the basics.
Mobile Ransomware Hits Browsers with Old-School Techniques
News  |  9/20/2017  | 
Several types of malware sold on the dark Web advertise the ability to spy on Android smartphones, encrypt files, and demand payment.
Artificial Intelligence: Getting the Results You Want
Partner Perspectives  |  9/20/2017  | 
Finding a vendor that doesn't claim to do AI is hard these days. But getting the benefits you need and expect is even harder.
Software Assurance: Thinking Back, Looking Forward
Commentary  |  9/20/2017  | 
Ten personal observations that aim to bolster state-of-the-art and state-of-practice in application security.
SecureAuth to Merge with Core Security
News  |  9/20/2017  | 
K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.
1.9 Billion Data Records Exposed in First Half of 2017
News  |  9/20/2017  | 
Every second, 122 records are exposed in breaches around the globe, a new report shows. And that doesn't even include the new Equifax breach data.
Get Serious about IoT Security
Commentary  |  9/20/2017  | 
These four best practices will help safeguard your organization in the Internet of Things.
10 Hot Cybersecurity Funding Rounds in Q3
Slideshows  |  9/20/2017  | 
The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.
Intent-Based Security Is New Path for Vendors
Curt Franklin  |  9/19/2017  | 
A growing number of security and networking vendors are talking about intent-based security as a next-gen solution.
Avast-Owned Piriform Releases CCleaner Security Update
Quick Hits  |  9/19/2017  | 
The Avast subsidiary has released two new versions of CCleaner following the discovery of a supply-chain attack.
New Spam Campaign Literally Doubles Down on Ransomware
News  |  9/19/2017  | 
An upgraded spam campaign alternates Locky and FakeGlobe ransomware, forcing victims to pay twice or lose all their data.
CCleaner Infection Reveals Sophisticated Hack
Simon Marshall  |  9/19/2017  | 
The hack that put malware on an update of a popular security program was not the work of a first-time malware author.
GDPR & the Rise of the Automated Data Protection Officer
Commentary  |  9/19/2017  | 
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
Viacom's Secret Cloud Keys Exposed
Quick Hits  |  9/19/2017  | 
The entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.
Siemens' New ICS/SCADA Security Service a Sign of the Times
News  |  9/19/2017  | 
Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Commentary  |  9/19/2017  | 
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
Equifax Exec Departures Raise Questions About Responsibility for Breach
News  |  9/18/2017  | 
Disclosed details suggest a failure by the technology team but senior executives and the board are not above responsibility as well, experts say.
Avast CCleaner Compromised Amid Rise in Supply Chain Threats
News  |  9/18/2017  | 
Attackers somehow hacked the build system of Avast's CCleaner to deliver malware, potentially affecting millions of users.
RouteX Hijacks Netgear Routers
Larry Loeb  |  9/18/2017  | 
Malware called RouteX can give an attacker control of popular wireless routers.
Vigilance Brings Machines & Humans Together to Defeat Threats
Simon Marshall  |  9/18/2017  | 
Vigilance, from SentinelOne, ties the strengths of humans and machines together in a threat-resolution system.
Equifax Hit with Lawsuit
Quick Hits  |  9/18/2017  | 
Victims living or doing business in Florida can send a certified letter to seek relief and still remain in compliance with the state's credit laws, attorney says.
To Be Ready for the Security Future, Pay Attention to the Security Past
Commentary  |  9/18/2017  | 
It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.
Public, Hybrid Cloud Security Fears Abound
News  |  9/16/2017  | 
Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.
OurMine Claims Vevo Hack, Releases 3.12TB of Data
Quick Hits  |  9/16/2017  | 
Group known for claiming responsibility for hacking Mark Zuckerberg's Twitter account and the WikiLeaks' DNS attack says it's behind the Vevo breach.
Equifax CIO, CSO Step Down
Quick Hits  |  9/15/2017  | 
Embattled credit-monitoring company names interim replacements for both positions and outlines more details about the massive breach.
Protect DNS: A Conversation With Dave Dufour of Webroot
Curt Franklin  |  9/15/2017  | 
DNS is vulnerable and must be protected. An interview with Dave Dufour explains the vulnerabilities and some of the protection.
Friday Haiku: No Safety in Bluetooth
Curt Franklin  |  9/15/2017  | 
Bluetooth's vulnerability might be the biggest security story of the year.
Senators Propose US Elections Cybersecurity Commission
Quick Hits  |  9/15/2017  | 
The proposed commission would aim to review the 2016 election process and safeguard future elections from interference.
Google, Spotify Build Open-Source Community for GCP Security
Quick Hits  |  9/15/2017  | 
Google and Spotify create Forseti, an open-source community with tools to secure projects on the Google Cloud Platform.
Swirlds Seeks End to Financial Attacks
Simon Marshall  |  9/15/2017  | 
Startup Swirlds is promising better-than-blockchain technology for financial transactions.
Security Orchestration & Automation: Parsing the Options
Commentary  |  9/15/2017  | 
Once you head down the path of orchestration, security teams will need to decide how much automation they are ready for. Here's how.
Attacks on Android Soared 40% in Q2
News  |  9/15/2017  | 
Despite a rise in attacks, the average number of malicious variants remains surprisingly limited, according to a report from Avast.
7 Indicted Iranian Nationals Now Hit with Sanctions by US Treasury
Quick Hits  |  9/15/2017  | 
US Dept. of Treasury has announced sanctions against Iranian nationals and security firms for 'malicious cyber-activity' against US interests.
Attacking Developers Using 'Shadow Containers'
Dark Reading Videos  |  9/15/2017  | 
Sagie Dulce describes why developers are such attractive targets and how the Docker API can be exploited to use one of developers' favorite tools against them in sneaky, obfuscated attacks.
FTC Opens Probe into Equifax Data Breach
News  |  9/14/2017  | 
Apache Struts flaw was known to be critical and should have been addressed, security researchers say.
AWS Elasticsearch Servers Host Malware
Curt Franklin  |  9/14/2017  | 
Two strains of POS malware have been using Elasticsearch servers on AWS as hiding places.